# IPCOP

[![image-1615470107505.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/lRG8s1W4nfsvCEaa-image-1615470107505.png)](https://docs.khroners.fr/uploads/images/gallery/2021-03/lRG8s1W4nfsvCEaa-image-1615470107505.png)

## <span style="text-decoration: underline;">**Introduction**</span>

IPCop est une distribution Linux basée sur Linux, qui vise à fournir un pare-feu simple à gérer basé sur du matériel PC. IPCop est un pare-feu à états construit sur le framework netfilter de Linux.

[![image-1615470123690.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/HsLxil1wRfLtli5i-image-1615470123690.png)](https://docs.khroners.fr/uploads/images/gallery/2021-03/HsLxil1wRfLtli5i-image-1615470123690.png)

Nous allons installer IPCop sur une machine virtuelle.

## <span style="text-decoration: underline;">**Développement**</span>

### <span style="text-decoration: underline;">Configuration de la machine virtuelle</span>

[![image-1615470144879.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/YMP4RtBIgpWBwqtl-image-1615470144879.png)](https://docs.khroners.fr/uploads/images/gallery/2021-03/YMP4RtBIgpWBwqtl-image-1615470144879.png)

Installation

[![image-1615470165326.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/7Myyz3izWAcNGETI-image-1615470165326.png)](https://docs.khroners.fr/uploads/images/gallery/2021-03/7Myyz3izWAcNGETI-image-1615470165326.png)

[![image-1615470167417.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/OACgqqg9osxby9qv-image-1615470167417.png)](https://docs.khroners.fr/uploads/images/gallery/2021-03/OACgqqg9osxby9qv-image-1615470167417.png)

[![image-1615470170730.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/5wT7dfmPLTivJzDU-image-1615470170730.png)](https://docs.khroners.fr/uploads/images/gallery/2021-03/5wT7dfmPLTivJzDU-image-1615470170730.png)

[![image-1615470173260.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/ER9Kk9wKJJ4ZbMrM-image-1615470173260.png)](https://docs.khroners.fr/uploads/images/gallery/2021-03/ER9Kk9wKJJ4ZbMrM-image-1615470173260.png)

[![image-1615470178007.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/SfR5k5A4CxVmpgzH-image-1615470178007.png)](https://docs.khroners.fr/uploads/images/gallery/2021-03/SfR5k5A4CxVmpgzH-image-1615470178007.png)

[![image-1615470181279.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/sClpOnzS0UPyfACw-image-1615470181279.png)](https://docs.khroners.fr/uploads/images/gallery/2021-03/sClpOnzS0UPyfACw-image-1615470181279.png)

[![image-1615470184683.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/wLAGQJuZNdD1z3Pk-image-1615470184683.png)](https://docs.khroners.fr/uploads/images/gallery/2021-03/wLAGQJuZNdD1z3Pk-image-1615470184683.png)

[![image-1615470188284.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/eHEKBxzbV18ELQWb-image-1615470188284.png)](https://docs.khroners.fr/uploads/images/gallery/2021-03/eHEKBxzbV18ELQWb-image-1615470188284.png)

[![image-1615470191888.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/JBJRSS54pS0xXrIE-image-1615470191888.png)](https://docs.khroners.fr/uploads/images/gallery/2021-03/JBJRSS54pS0xXrIE-image-1615470191888.png)

[![image-1615470194342.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/9q4deND26pz8x8w9-image-1615470194342.png)](https://docs.khroners.fr/uploads/images/gallery/2021-03/9q4deND26pz8x8w9-image-1615470194342.png)

[![image-1615470197345.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/oCurO4hpUFMgWc2Z-image-1615470197345.png)](https://docs.khroners.fr/uploads/images/gallery/2021-03/oCurO4hpUFMgWc2Z-image-1615470197345.png)

[![image-1615470200625.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/ROb7KzG4x1lq3kUL-image-1615470200625.png)](https://docs.khroners.fr/uploads/images/gallery/2021-03/ROb7KzG4x1lq3kUL-image-1615470200625.png)

localdomain car pas de domaine.

[![image-1615470203475.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/GhcMiY8zJxhWWdcg-image-1615470203475.png)](https://docs.khroners.fr/uploads/images/gallery/2021-03/GhcMiY8zJxhWWdcg-image-1615470203475.png)

RED pour WAN

[![image-1615470228028.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/HCIZzon9gHWMBbob-image-1615470228028.png)](https://docs.khroners.fr/uploads/images/gallery/2021-03/HCIZzon9gHWMBbob-image-1615470228028.png)

![image-1615470214156.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/F8CqOSu5NAyHNZ4n-image-1615470214156.png)

GREEN pour LAN

[![image-1615470388922.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/8pd77REsWvCenmyD-image-1615470388922.png)](https://docs.khroners.fr/uploads/images/gallery/2021-03/8pd77REsWvCenmyD-image-1615470388922.png)

[![image-1615470393078.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/mCzabyGvKK6dqZhU-image-1615470393078.png)](https://docs.khroners.fr/uploads/images/gallery/2021-03/mCzabyGvKK6dqZhU-image-1615470393078.png)

10.0.0.254 en 255.0.0.0 pour l’interface GREEN (LAN)

192.168.0.162 / 24 pour le Wan (RED)

[![image-1615470422639.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/4zfKMLEKmBELOlzu-image-1615470422639.png)](https://docs.khroners.fr/uploads/images/gallery/2021-03/4zfKMLEKmBELOlzu-image-1615470422639.png)

[![image-1615470426806.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/Fvc8fqV4kVPCV0gt-image-1615470426806.png)](https://docs.khroners.fr/uploads/images/gallery/2021-03/Fvc8fqV4kVPCV0gt-image-1615470426806.png)

[![image-1615470435711.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/0dTRmn3tTIAhYuIj-image-1615470435711.png)](https://docs.khroners.fr/uploads/images/gallery/2021-03/0dTRmn3tTIAhYuIj-image-1615470435711.png)

Il faut un nom d’utilisateur et mot de passe différent pour l’admin, idem pour le chiffrage des sauvegardes.

IPCOP est installé et configuré !

### <span style="text-decoration: underline;">Configuration d’IPCOP</span>

On peut se connecter en ligne de commande ou par navigateur web.

[![image-1615470459403.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/BFwHGJCA5qtfrkvL-image-1615470459403.png)](https://docs.khroners.fr/uploads/images/gallery/2021-03/BFwHGJCA5qtfrkvL-image-1615470459403.png)

[![image-1615470465032.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/LzypFKAMEyLaPCzM-image-1615470465032.png)](https://docs.khroners.fr/uploads/images/gallery/2021-03/LzypFKAMEyLaPCzM-image-1615470465032.png)

### <span style="text-decoration: underline;">Mise à jour</span>

[![image-1615470479566.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/dXKo4wqS8EKNttn4-image-1615470479566.png)](https://docs.khroners.fr/uploads/images/gallery/2021-03/dXKo4wqS8EKNttn4-image-1615470479566.png)

[![image-1615470482975.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/hGGDe9zmuWTG4BwN-image-1615470482975.png)](https://docs.khroners.fr/uploads/images/gallery/2021-03/hGGDe9zmuWTG4BwN-image-1615470482975.png)

L’actualisation ne marchant pas, nous allons l’importer ici. Pour cela, on se rend sur le site d’ipcop et on télécharge la dernière mise à jour.

[![image-1615470490578.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/JLuCmTtdkem14Fb2-image-1615470490578.png)](https://docs.khroners.fr/uploads/images/gallery/2021-03/JLuCmTtdkem14Fb2-image-1615470490578.png)

On la téléverse puis on l’applique.

### <u>Proxy</u><u></u>

[![image-1615470748170.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/OeN1et4tBiNFLrQD-image-1615470748170.png)](https://docs.khroners.fr/uploads/images/gallery/2021-03/OeN1et4tBiNFLrQD-image-1615470748170.png)

[![image-1615470754050.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/I5OmkkebtmKGCNe6-image-1615470754050.png)](https://docs.khroners.fr/uploads/images/gallery/2021-03/I5OmkkebtmKGCNe6-image-1615470754050.png)

On peut modifier le port du proxy, la langue des messages d’erreurs etc.

[![image-1615470759162.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/bHTDGs6wuHYpCZ3m-image-1615470759162.png)](https://docs.khroners.fr/uploads/images/gallery/2021-03/bHTDGs6wuHYpCZ3m-image-1615470759162.png)

On active les journaux.

Plus bas :

[![image-1615470787483.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/sb7zDIOYrMXebmI9-image-1615470787483.png)](https://docs.khroners.fr/uploads/images/gallery/2021-03/sb7zDIOYrMXebmI9-image-1615470787483.png)

### <u>Limitation du trafic FTP</u><u></u>

[![image-1615470798345.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/jRf8quQU9KWlKms5-image-1615470798345.png)](https://docs.khroners.fr/uploads/images/gallery/2021-03/jRf8quQU9KWlKms5-image-1615470798345.png)

[![image-1615470857402.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/4DgmEcvgFXmarbm5-image-1615470857402.png)](https://docs.khroners.fr/uploads/images/gallery/2021-03/4DgmEcvgFXmarbm5-image-1615470857402.png)

### <span style="text-decoration: underline;">Blocage du ping coté internet</span>

[![image-1615470867564.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/3gmx1EV0JzWgGjKh-image-1615470867564.png)](https://docs.khroners.fr/uploads/images/gallery/2021-03/3gmx1EV0JzWgGjKh-image-1615470867564.png)

Il faut modifier le fichier rc.firewall dans le but de bloquer le ping, comme la capture d’au dessus.

```bash
nano 146 /etc/rc.d/rc.firewall
```

[![image-1615470895730.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/UIXl9RkOiD3ZWmQa-image-1615470895730.png)](https://docs.khroners.fr/uploads/images/gallery/2021-03/UIXl9RkOiD3ZWmQa-image-1615470895730.png)

### <u>Blocage du portable</u><u></u>

Dans services, serveur mandataire.

[![image-1615470914741.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/WkPDuGoL3pWoUhWI-image-1615470914741.png)](https://docs.khroners.fr/uploads/images/gallery/2021-03/WkPDuGoL3pWoUhWI-image-1615470914741.png)

### <u>Impossible d’aller sur internet le week-end</u><u></u>

Services, serveur mandataire

[![image-1615470927742.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/UtEBrtpQifMgKpLN-image-1615470927742.png)](https://docs.khroners.fr/uploads/images/gallery/2021-03/UtEBrtpQifMgKpLN-image-1615470927742.png)

### <u>Blocage d’un site</u><u></u>

Service, filtreur d’url

[![image-1615470941124.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/an63lrmx98JMAjpV-image-1615470941124.png)](https://docs.khroners.fr/uploads/images/gallery/2021-03/an63lrmx98JMAjpV-image-1615470941124.png)

### <u>Mise en place d’une blacklist</u><u> </u>

[![image-1615470950465.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/3b9ysuAEbH8UUOZ7-image-1615470950465.png)](https://docs.khroners.fr/uploads/images/gallery/2021-03/3b9ysuAEbH8UUOZ7-image-1615470950465.png)

On clique sur mise à jour immédiate

Test :

[![image-1615470980311.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/zeOeTs3rc0yUV9cv-image-1615470980311.png)](https://docs.khroners.fr/uploads/images/gallery/2021-03/zeOeTs3rc0yUV9cv-image-1615470980311.png)

## Conclusion

IPCop permet d’avoir un pare-feu logiciel à moindre coût. Cependant, IPCop est dépassé. La dernière version date de février 2015. Il faut donc passer à des solutions de pare-feu plus récentes, comme pfSense ou IPFire (spin-off de IPCop).